Resources for the Information Security & Privacy Professional

Tag Archives: Smart meter

My comments are my own and do not necessarily reflect the opinion of my company.

For the last several years, Personally Identifiable Information, or PII, has been the buzz in privacy circles. That’s old school now. By itself, PII is fairly useless for violating one’s privacy, except as it pertains to identity fraud, or when coupled with other sensitive information that ties our behavior to our identity.

Lately, I’ve been tossing a new phrase in my new role (and really to anyone that will listen): “Energy Privacy.” That is, privacy issues having to do with an energy utility customer’s detailed energy usage information, generally obtained through “smart meters” or “advanced metering infrastructure.” The concept of energy privacy is nothing new to utilities. They’ve been analyzing coarse-grained usage data for years and have been generally very good at protecting customer privacy while doing it.

The difference now is how fine the granularity is becoming. Forget monthly reads. Smart meters are reading our energy usage in near-real time (even though many utilities only collect reads every 15 minutes or every hour.) Privacy professionals typically fear that this means that 3rd parties will be able to tell when customers are home and when they are not based on their usage.

Please. That doesn’t begin to scratch the surface of what we can expect.

Don’t get me wrong. I believe smart meters and the smart grid in general can provide some great benefits to everyone: customers, utilities and 3rd parties wanting to sell awesome products and services that will improve our lives and perhaps help preserve the environment. Energy usage information will help utilities build grids that are more reliable and less susceptible to power outages while accommodating more unpredictable renewable energy sources like wind and solar, and a flood of new energy-soaking devices like electric cars. I get it and I embrace it as long as my privacy is respected.

But consider this analogy. Today’s smart meters are akin to binoculars on the sides of our homes. The algorithms used to analyze usage information in order to find patterns that describe how the energy is being used allow anyone with access to it to see inside our homes the types of devices we plug in. For example, refrigerators, air conditioners, or electric vehicles. Analysts can see when we’re using these devices, how often, and how many we have.

Tomorrow’s algorithms will be more like microscopes. Not only will we be able to see that a consumer has a refrigerator, but what brand and model it is, what condition it is in, and even how much food it has in it (full refrigerators use less energy than empty ones…if I know the expected output of your brand and model, I can determine this.) Analysts will be able to tell what you’re watching on television. Tomorrow’s algorithms will be able to not only detect devices, but predict behavior. Of course, early algorithms will be used to determine how we can save energy. That’s a primary reason smart grid exists. But what if an algorithm could be written to determine whether a single parent was neglecting their kids? Not enough food in the fridge, too much time on the game console? Must be bad parenting. What if usage data could be used to detect criminal activity or “unwanted” behavior…I don’t just mean pot growers. I mean anything that society deems unacceptable at the moment. Maybe someone has too many water features plugged in their backyard, or watches TV too much (shouldn’t you be looking for a job?) All that is needed to see an average person’s behavior inside their home is to examine their usage data.

Now couple that with California’s consideration of plans to build an energy data center to house and analyze all this energy usage data. Their intentions are good. They want to help plan future infrastructure needs, especially local governments. They want to help us reduce energy use. But when the government wants to peer inside our homes with a microscope, regardless of their stated intentions, what privacy do we really have left?

Some say that as long as the data is anonymous or aggregated that it should be fine to share the information. Does anyone recall the privacy breach at AOL in which hundreds of thousands of “anonymous” customers were at risk of having their personal searches tied to them? How long will it be before an algorithm is developed that can determine who we are simply by our energy use coupled with the treasure trove of free information available on the Internet, such as Google Maps? How difficult will it be for smart mathematicians to de-aggregate information that we thought was aggregated? I don’t know except that it will be sooner than we think.

Enter the importance of energy privacy. Our energy usage data will say more about us than whether we are home or not. A lot more. This by itself is not a bad thing IF we as consumers have control over whom the data is shared with and how it is used. Give consumers control and confidence builds.

My goal is to raise awareness of the importance–and value–of your energy usage data. So informed, you can begin to participate in the discussion about how your usage information will be used and whom it will be shared with. I believe that as long as consumers have knowledge of the risks of sharing this information, have the ability to decide who they would like to share it with (referred to as “opt-in”), and the ability to review and terminate any such sharing in the future, that the consumer then retains control of this information. Control equals power.

At the vanguard of protecting our energy privacy are utilities (who often get a bad rap for protecting such information) and privacy advocates who understand the potential risks and are fighting to preserve this last bastion of personal privacy. Why should utilities care about your privacy? Its quite simple: They don’t want you to remove the smart meter from your house. Even if you don’t fully trust your own utility, you can absolutely trust that they have an intrinsic business-minded reason to passionately protect your privacy. They want you to participate.

Now is the time for us all to consider how important our energy privacy is inside our own homes and how much intrusion we are willing to tolerate. Ask your utility and your government about your energy privacy and what they’re doing to protect it. Let’s have a conversation and ensure consumers retain the power they have every right to expect.